Statistics can be misleading, because they often tell only part of the story. For instance, it is a fact that there are far fewer traffic fatalities involving Aston Martin owners than involving those who drive a Toyota Camry.
At first glance, one could surmise that Aston Martin automobiles are safer, or that their owners are safer drivers. While either of these premises may be true, the real reason there are so many more fatalities involving Camrys is that there are far more of them (only 4,150 Aston Martins were sold on a global basis in 2020, while more than 10 million Camrys were sold that year).
Windows vs. Linux
This analogy applies to the topic of Windows vs. Linux in terms of cybersecurity. If one casually reads the many stories about ransomware attacks, one might presume that ransomware is a Windows problem that Linux servers are immune to. There are, however, valid reasons why Windows seems to take the brunt of ransomware attacks:
- Ransomware is often spread through email, and email users predominantly use a Windows machine when checking their email
- There are a lot more Windows servers out there vs. Linux: 72.1% vs 13.6% in 2019
- Windows servers are often used by SMBs that may not have the internal IT staff to secure their server environment
Why Linux Servers are High Value Targets
Like the car analogy, the numbers only tell half the story. While there may be a lot more Windows machines out there, Linux servers are not exempt from ransomware attacks.
The goal of any ransomware gang is to get paid. The best way to ensure payment is to target machines that host valuable data to encrypt or exfiltrate. While there are certainly more Windows machines out there to target, Linux servers may in fact host the lion’s share of value-rich data that will garner a paycheck for an attacker.
For instance, Linux is used by 37.5% of all known websites in the world, and 96% of the top 1 million web servers run Linux-based operating systems. Linux was also used by 98% of all supercomputers in 2020. Then there’s that thing called the “public cloud,” of which Linux powers 90%. If you want to talk legacy, well, Linux runs 90% of IBM’s top mainframe customers as well.
Because Linux servers predominantly support the backend operations of the largest enterprises today, they also host a large amount of intellectual property and personal information, making them attractive targets for ransomware attacks.
While a ransomware attack may initially involve one or more Windows machines, the real targets of these malicious malware missiles are often the Linux backend servers, the ones you rarely read about.
The Linux You Don’t Know
Just because you don’t use one of the major Linux distros to run your servers doesn’t mean you don’t use Linux. Linux runs a lot of things you probably aren’t aware of. Think Chromebooks are powered by Android? Think again. It’s Linux. Linux also runs on digital storage devices and personal video recorders. The fact is that there are a lot of touchpoints of vulnerability in your enterprise that ransomware can hitch on to, just like Windows.
Windows Gets the Attention
Windows gets a bad rap sometimes when it comes to ransomware and other malware attacks, while Linux is looked at as a virtuous OS. One of the consequences of this misconception is that because Windows garners much of the attention, it garners much of the security effort as well, often leaving Linux less protected.
But the fact is that Linux needs your security attention too, maybe even more due to the prominent data that it hosts. Like any digital asset in your network, never assume your Linux machines are safe.